Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/nm5KoexlNKgerxwMMzcl0SPRGkQ.roa
File:                     nm5KoexlNKgerxwMMzcl0SPRGkQ.roa (raw, json)
Hash identifier:          JJOtZOg67E9isDoVc7TeFi9YADa35v7jZMwG0+64DLY=
Subject key identifier:   9E:6E:4A:A1:EC:65:34:A8:1E:AF:1C:0C:33:37:25:D1:23:D1:1A:44
Certificate issuer:       /CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
Certificate serial:       018FE818C24E8089A8135852CD7F07803FD3
Authority key identifier: 3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/nm5KoexlNKgerxwMMzcl0SPRGkQ.roa
Signing time:             Wed 05 Jun 2024 11:11:27 +0000
ROA not before:           Wed 05 Jun 2024 11:11:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39238
IP address blocks:        2a09:6905::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:18:c2:4e:80:89:a8:13:58:52:cd:7f:07:80:3f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec50ab4ccf72e3d60c09f964019d6c034c50a6c
        Validity
            Not Before: Jun  5 11:11:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e6e4aa1ec6534a81eaf1c0c333725d123d11a44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:31:9f:45:27:f0:38:99:0e:5d:2b:d1:c5:e6:
                    02:eb:54:84:a4:3b:56:68:e2:bf:a2:7d:b8:18:f8:
                    99:d9:bf:a0:d9:01:cf:85:88:fe:88:a8:41:77:1f:
                    84:0f:38:93:c7:0f:62:a0:10:6b:5d:af:f0:fb:88:
                    c7:c4:1c:bf:f0:f4:b5:e1:eb:36:c6:cf:e2:4a:d3:
                    c0:7a:ea:b2:79:a0:02:a0:69:a5:f2:18:ca:b8:aa:
                    e3:27:27:51:1b:32:45:71:b8:9d:50:5d:f4:80:f2:
                    77:62:1f:42:6c:98:c5:a4:b1:e1:eb:b8:28:3c:ce:
                    e2:6d:d4:19:cf:a7:de:53:de:1e:ce:ca:d0:b2:dc:
                    13:1d:7b:a4:97:70:61:7e:85:d2:7d:52:64:70:7f:
                    a4:25:df:33:4f:81:af:17:eb:d8:9c:c3:76:ce:4c:
                    7f:13:b6:a2:57:92:75:d5:22:80:b3:97:42:6e:a6:
                    66:f4:46:50:61:53:0a:b0:d1:89:e2:f6:89:3d:80:
                    ab:1c:8b:76:64:95:29:67:d9:a9:86:23:3b:b9:2f:
                    e4:ed:4f:4d:27:08:23:05:32:dd:0f:9d:59:e7:1d:
                    24:00:bd:7b:ff:57:d5:13:79:17:ad:53:9c:b6:81:
                    38:e9:79:12:e0:d6:c5:85:78:4c:0f:30:40:b8:8a:
                    96:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:6E:4A:A1:EC:65:34:A8:1E:AF:1C:0C:33:37:25:D1:23:D1:1A:44
            X509v3 Authority Key Identifier:
                keyid:3E:C5:0A:B4:CC:F7:2E:3D:60:C0:9F:96:40:19:D6:C0:34:C5:0A:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/nm5KoexlNKgerxwMMzcl0SPRGkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/79ef4f-e38e-44da-a657-2159376d3a64/1/PsUKtMz3Lj1gwJ-WQBnWwDTFCmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6905::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:bf:64:71:92:e4:53:c1:c8:de:b3:3a:84:c4:c6:83:67:52:
         94:12:e0:f0:63:d6:36:7a:41:dc:67:e8:a9:e6:cd:8d:a5:4f:
         f0:71:b0:49:54:ef:0c:92:ec:5a:4a:6d:b5:f0:9d:70:e6:b4:
         d5:88:2e:7f:76:1f:7f:9b:50:df:66:40:bc:7a:b4:c8:cd:97:
         3a:7b:ff:7a:64:fb:42:f5:2c:83:99:40:85:bf:cc:4a:57:68:
         6d:c3:1c:b7:e0:83:a6:63:59:f7:ec:b3:d6:89:d9:1f:07:46:
         48:82:6f:db:76:34:aa:73:cc:9c:1a:ea:ff:0e:6a:f9:3e:b4:
         b7:d4:d3:05:a5:58:ce:31:a6:47:d3:ea:e9:7f:47:7d:d5:4f:
         2e:60:ad:91:83:b9:df:7f:2f:44:78:24:6a:ef:5d:0f:af:d4:
         42:28:63:66:66:7b:1d:25:9f:db:b8:ae:cc:cc:f7:b7:fc:11:
         8d:36:fd:03:3a:b4:96:6b:50:31:36:b2:46:8f:fd:c9:8d:92:
         b0:e7:d4:f4:52:90:d0:26:89:3a:6d:77:db:5d:21:61:b9:ff:
         a8:4e:b1:82:0c:71:4c:d9:3e:10:d4:9c:3c:d1:22:04:12:1b:
         8e:20:c0:ae:39:2d:5e:16:ec:ad:00:ec:25:3a:9c:58:2b:54:
         22:86:1d:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/oGMJOgImoE1hSzX8HgD/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzUwYWI0Y2NmNzJlM2Q2MGMwOWY5NjQwMTlkNmMwMzRj
NTBhNmMwHhcNMjQwNjA1MTExMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTZlNGFhMWVjNjUzNGE4MWVhZjFjMGMzMzM3MjVkMTIzZDExYTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizGfRSfwOJkOXSvRxeYC61SEpDtW
aOK/on24GPiZ2b+g2QHPhYj+iKhBdx+EDziTxw9ioBBrXa/w+4jHxBy/8PS14es2
xs/iStPAeuqyeaACoGml8hjKuKrjJydRGzJFcbidUF30gPJ3Yh9CbJjFpLHh67go
PM7ibdQZz6feU94ezsrQstwTHXukl3BhfoXSfVJkcH+kJd8zT4GvF+vYnMN2zkx/
E7aiV5J11SKAs5dCbqZm9EZQYVMKsNGJ4vaJPYCrHIt2ZJUpZ9mphiM7uS/k7U9N
JwgjBTLdD51Z5x0kAL17/1fVE3kXrVOctoE46XkS4NbFhXhMDzBAuIqWCQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ5uSqHsZTSoHq8cDDM3JdEj0RpEMB8GA1UdIwQY
MBaAFD7FCrTM9y49YMCflkAZ1sA0xQpsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTct
MjE1OTM3NmQzYTY0LzEvbm01S29leGxOS2dlcnh3TU16Y2wwU1BSR2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83OWVmNGYtZTM4ZS00NGRhLWE2NTctMjE1OTM3NmQzYTY0
LzEvUHNVS3RNejNMajFnd0otV1FCbld3RFRGQ213LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKglpBTAN
BgkqhkiG9w0BAQsFAAOCAQEANr9kcZLkU8HI3rM6hMTGg2dSlBLg8GPWNnpB3Gfo
qebNjaVP8HGwSVTvDJLsWkpttfCdcOa01Yguf3Yff5tQ32ZAvHq0yM2XOnv/emT7
QvUsg5lAhb/MSldobcMct+CDpmNZ9+yz1onZHwdGSIJv23Y0qnPMnBrq/w5q+T60
t9TTBaVYzjGmR9Pq6X9HfdVPLmCtkYO5338vRHgkau9dD6/UQihjZmZ7HSWf27iu
zMz3t/wRjTb9Azq0lmtQMTayRo/9yY2SsOfU9FKQ0CaJOm13210hYbn/qE6xggxx
TNk+ENScPNEiBBIbjiDArjktXhbsrQDsJTqcWCtUIoYdkw==
-----END CERTIFICATE-----